From owner-p4-projects@FreeBSD.ORG Tue Dec 4 21:30:00 2012 Return-Path: Delivered-To: p4-projects@freebsd.org Received: by hub.freebsd.org (Postfix, from userid 32767) id 29A27717; Tue, 4 Dec 2012 21:30:00 +0000 (UTC) Delivered-To: perforce@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [69.147.83.52]) by hub.freebsd.org (Postfix) with ESMTP id D1F32715 for ; Tue, 4 Dec 2012 21:29:59 +0000 (UTC) (envelope-from brooks@freebsd.org) Received: from skunkworks.freebsd.org (skunkworks.freebsd.org [IPv6:2001:4f8:fff6::2d]) by mx1.freebsd.org (Postfix) with ESMTP id B5C228FC13 for ; Tue, 4 Dec 2012 21:29:59 +0000 (UTC) Received: from skunkworks.freebsd.org (localhost [127.0.0.1]) by skunkworks.freebsd.org (8.14.5/8.14.5) with ESMTP id qB4LTxkR029485 for ; Tue, 4 Dec 2012 21:29:59 GMT (envelope-from brooks@freebsd.org) Received: (from perforce@localhost) by skunkworks.freebsd.org (8.14.5/8.14.5/Submit) id qB4LTx3x029482 for perforce@freebsd.org; Tue, 4 Dec 2012 21:29:59 GMT (envelope-from brooks@freebsd.org) Date: Tue, 4 Dec 2012 21:29:59 GMT Message-Id: <201212042129.qB4LTx3x029482@skunkworks.freebsd.org> X-Authentication-Warning: skunkworks.freebsd.org: perforce set sender to brooks@freebsd.org using -f 
From: Brooks Davis Subject: PERFORCE change 219879 for review To: Perforce Change Reviews Precedence: bulk X-BeenThere: p4-projects@freebsd.org X-Mailman-Version: 2.1.14 List-Id: p4 projects tree changes List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 04 Dec 2012 21:30:00 -0000 http://p4web.freebsd.org/@@219879?ac=10 Change 219879 by brooks@brooks_zenith on 2012/12/04 21:29:41 Double the speed of the CHERI sandbox case by reuseing the sandbox environment. This makes it faster than capsicum in the multiple file case (as with cheribrowser). Affected files ... .. //depot/projects/ctsrd/cheribsd/src/ctsrd/minifile/minifile.c#6 edit Differences ... ==== //depot/projects/ctsrd/cheribsd/src/ctsrd/minifile/minifile.c#6 (text+ko) ==== @@ -151,16 +151,15 @@ return type; } +static struct sandbox *sandbox; static struct chericap file_cap, magic_cap, out_cap; const char * -cheri_magic_descriptor(int mfd, int fd) +cheri_magic_descriptor(void *magicbuf, size_t magicsize, int fd) { register_t v; - size_t outsize, magicsize, filesize; + size_t outsize, filesize; char *filebuf = NULL; - void *magicbuf = NULL; - struct sandbox *sandbox; struct stat filesb, magicsb; static char outbuf[4096]; const char *type; @@ -174,14 +173,6 @@ CHERI_CANDPERM(10, 10, CHERI_PERM_STORE); CHERI_CSC(10, 0, &out_cap, 0); - if (fstat(mfd, &magicsb) == -1) - err(1, "fstat magic fd"); - magicsize = magicsb.st_size; - if ((magicbuf = mmap(NULL, magicsize, PROT_READ|PROT_WRITE, - MAP_PRIVATE, mfd, 0)) == MAP_FAILED) { - warn("mmap magic fd"); - goto error; - } CHERI_CINCBASE(10, 0, magicbuf); CHERI_CSETLEN(10, 10, magicsize); CHERI_CANDPERM(10, 10, CHERI_PERM_LOAD); 
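Review bot: In the hunk at `@@ -151,16 +151,15 @@`, `cheri_magic_descriptor()` now depends on the file-scope `sandbox` having been created by its caller, but nothing at the declaration or in the function records that. A comment on the declaration such as `/* CHERI sandbox shared by every cheri_magic_descriptor() call; set up in main() for SB_CHERI. */` would make the dependency visible. `magicsb` is also still declared in `struct stat filesb, magicsb;`, although its only visible use, `fstat(mfd, &magicsb)`, is removed in the next hunk, so it can probably be dropped. The function body continues outside this hunk.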
@@ -200,30 +191,19 @@ CHERI_CANDPERM(10, 10, CHERI_PERM_LOAD); CHERI_CSC(10, 0, &file_cap, 0); - if (sandbox_setup("/usr/libexec/minifile-cheri.bin", 8*1024*1024, - &sandbox) < 0) - goto error; - v = sandbox_invoke(sandbox, outsize, magicsize, filesize, 0, &out_cap, &magic_cap, &file_cap, NULL, NULL, NULL, NULL); printf("%s: sandbox returned %ju\n", __func__, (uintmax_t)v); - sandbox_destroy(sandbox); - outsize = strnlen(outbuf, outsize); if (v == 0) { ttype = outbuf + outsize; strvisx(ttype, outbuf, outsize, 0); type = ttype; - } else { - ttype = outbuf + outsize; - strvisx(ttype, outbuf, outsize, 0); - type = ttype; - } + } else + type = "badmagic"; error: - if (munmap(magicbuf, magicsize) == -1) - warn("munmap magicbuf"); if (munmap(filebuf, filesize) == -1) warn("munmap filebuf"); @@ -237,9 +217,10 @@ void *magicbuf; const char *fname; int mfd, fd; + size_t magicsize; const char *type; struct magic_set *magic; - struct stat sb; + struct stat magicsb; while ((ch = getopt(argc, argv, "s:")) != -1) { switch(ch) { 
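Review bot: In the hunk at `@@ -200,30 +191,19 @@`, the retained `strvisx(ttype, outbuf, outsize, 0)` encodes bytes written by the sandbox into the tail of the same 4096-byte `outbuf`, and no visible check ensures the encoded form fits. strvis(3) encoding can emit up to four bytes per input byte plus a terminating NUL, so the write starting at `outbuf + outsize` may need `4 * outsize + 1` bytes. The initial value of `outsize` is set outside the hunk, so whether this can run past the buffer depends on that value. Because the content comes from the sandboxed parser and should be treated as untrusted, the `v == 0` branch could guard the call with `if (outsize > (sizeof(outbuf) - 1) / 5) { type = "badmagic"; goto error; }`.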
@@ -262,38 +243,42 @@ if (argc <= 0) usage(); + /* Open the magic file */ mfd = open(MAGIC_FILE, O_RDONLY); - if (mfd == -1) { - warn("open(%s)", MAGIC_FILE); - magic_close(magic); - exit(1); - } + if (mfd == -1) + err(1, "open(%s)", MAGIC_FILE); - if (sbtype == SB_NONE) { - magic = magic_open(MAGIC_MIME_TYPE); - if (magic == NULL) - errx(1, "magic_open()"); - if (fstat(mfd, &sb) == -1) { + /* For the NONE and CHERI cases, pre-map the file */ + if (sbtype == SB_NONE || sbtype == SB_CHERI) { + if (fstat(mfd, &magicsb) == -1) { warn("fstat(%s)", MAGIC_FILE); - magic_close(magic); exit(1); } - magicbuf = mmap(NULL, sb.st_size, PROT_READ|PROT_WRITE, - MAP_PRIVATE, mfd, 0); - if (magicbuf == MAP_FAILED) { + magicsize = magicsb.st_size; + if ((magicbuf = mmap(NULL, magicsize, PROT_READ|PROT_WRITE, + MAP_PRIVATE, mfd, 0)) == MAP_FAILED) { warn("mmap(%s)", MAGIC_FILE); magic_close(magic); exit(1); } - close(mfd); - if (magic_load_buffers(magic, &magicbuf, &sb.st_size, 1) == - -1) { + } + + if (sbtype == SB_NONE) { + magic = magic_open(MAGIC_MIME_TYPE); + if (magic == NULL) + errx(1, "magic_open()"); + if (magic_load_buffers(magic, &magicbuf, &magicsize, 1) == -1) { warnx("magic_load() %s", magic_error(magic)); magic_close(magic); exit(1); } } + if (sbtype == SB_CHERI) + if (sandbox_setup("/usr/libexec/minifile-cheri.bin", 8*1024*1024, + &sandbox) < 0) + err(1, "can't create cheri sandbox"); + for (; argc >= 1; argc--, argv++) { fname = argv[0]; fd = open(fname, O_RDONLY); @@ -311,7 +296,7 @@ errx(1, "capsicum_magic_descriptor()"); break; case SB_CHERI: - type = cheri_magic_descriptor(mfd, fd); + type = cheri_magic_descriptor(magicbuf, magicsize, fd); if (type == NULL) errx(1, "cheri_magic_descriptor()"); break; @@ -321,4 +306,7 @@ close(fd); printf("%s: %s\n", fname, type); } + + if (sbtype == SB_CHERI) + sandbox_destroy(sandbox); }
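Review bot: In the hunk at `@@ -262,38 +243,42 @@`, the mmap failure path in the new pre-map block still calls `magic_close(magic)`, but `magic_open()` has moved below that block and is only reached for `SB_NONE`. `magic` is therefore uninitialised at that call (the previous hunk declares it without an initialiser). The fstat failure path had the same call removed, and the mmap path should match, for example `err(1, "mmap(%s)", MAGIC_FILE);` in place of the warn/magic_close/exit sequence. The removed `close(mfd)` also leaves the descriptor open in the `SB_NONE` case; if nothing later needs it there, it could be closed once the mapping exists.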
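Review bot: In the hunk at `@@ -311,7 +296,7 @@`, every file in the loop is now passed to the same sandbox instance, so any state the sandboxed code keeps between invocations carries over from one input file to the next. Whether `sandbox_invoke()` resets sandbox memory is not visible here; if it does not, a malformed file that corrupts the sandbox could affect the type reported for later files. The per-file `sandbox_setup()`/`sandbox_destroy()` removed by this change ruled that out. I would record the trade-off at the call with `/* Sandbox is reused across files; state from one input may persist into the next. */` and consider re-creating the sandbox after a non-zero return (the `"badmagic"` case). The loop body starts and ends outside this hunk.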